France

Multiple IBM Product Vulnerabilities Allow Remote Code Execution

CERT-FR published advisory CERTFR-2026-AVI-0424 on April 10, 2026 disclosing multiple critical vulnerabilities in IBM products including QRadar AI Assistant, Sterling External Authentication Server, Sterling Secure Proxy, and WebSphere Application Server Liberty. Affected versions span QRadar AI Assistant prior to 1.4.0, Sterling products prior to 6.1.1.3 GA and 6.2.1.2 GA, and WebSphere Liberty 17.0.0.3 to 26.0.0.3 without APAR PH70510. The vulnerabilities expose systems to remote code execution, data confidentiality breaches, denial of service, and security policy bypass.

Red Hat Linux Kernel Multiple Vulnerabilities Alert

CERT-FR issued an advisory alerting organizations to multiple kernel vulnerabilities in Red Hat Linux affecting numerous products across multiple architectures (x86_64, aarch64, s390x, ppc64le). The vulnerabilities expose affected systems to data confidentiality breaches, security policy bypass, remote denial of service, arbitrary code execution, and privilege escalation risks. Organizations running Red Hat Enterprise Linux, CodeReady Linux Builder, and related products must patch immediately.

SUSE Linux Kernel Multiple Vulnerabilities Advisory

CERT-FR published advisory CERTFR-2026-AVI-0422 disclosing multiple vulnerabilities in the SUSE Linux kernel affecting openSUSE Leap, SUSE Linux Enterprise Server, and related product lines across versions 12 SP5 through 15 SP7. The vulnerabilities, sourced from 13 SUSE security bulletins, could allow an attacker to cause unspecified security impacts. Affected parties are advised to apply patches referenced in the vendor security bulletins.

Multiple Ubuntu Linux Kernel Vulnerabilities Allow Privilege Escalation

CERT-FR published advisory CERTFR-2026-AVI-0421 warning of multiple Linux kernel vulnerabilities affecting Ubuntu 16.04 ESM through 25.10. The vulnerabilities allow privilege escalation, data confidentiality breaches, data integrity breaches, and denial of service attacks. System administrators should apply patches referenced in 16 Ubuntu security notices (USN-8145-3 through USN-8165-1) covering CVE-2022-49465, CVE-2022-49635, CVE-2023-53041, CVE-2023-53421, CVE-2023-53520, and additional CVEs.

Multiple Vulnerabilities in Microsoft Azure Linux, 6 CVEs

ANSSI's CERT-FR issued an alert covering 6 CVEs in Microsoft Azure Linux components affecting azl3 kernel (versions prior to 6.6.130.1-1), azl3 libsoup (prior to 3.4.4-15), and azl3 xz (prior to 5.4.4-3). The vulnerabilities could allow an attacker to cause unspecified security issues. No specific risk severity was stated by the vendor. French organizations using Azure Linux are advised to apply vendor patches immediately via Microsoft Security Response Center.

Multiple Vulnerabilities in Mattermost Desktop App

CERT-FR published security advisory CERTFR-2026-AVI-0419 alerting to multiple vulnerabilities in Mattermost Desktop App affecting versions prior to 5.13.5.0. The vulnerabilities could allow an attacker to cause unspecified security issues. Organizations using Mattermost Desktop App should consult the vendor security bulletins and apply available patches.

Apache Tomcat Multiple Vulnerabilities

CERT-FR issued an advisory warning of multiple vulnerabilities in Apache Tomcat affecting versions 10.1.x prior to 10.1.54, 11.0.x prior to 11.0.21, and 9.0.x prior to 9.0.117. The vulnerabilities allow attackers to compromise data confidentiality, data integrity, and bypass security policies. Organizations running affected Tomcat deployments must apply available patches referenced in Apache security bulletins.

Spring Cloud Gateway Vulnerability CVE-2026-22750

CERT-FR issued advisory CERTFR-2026-AVI-0417 regarding CVE-2026-22750, a vulnerability in Spring Cloud Gateway affecting versions 4.2.x prior to 4.2.1. The flaw permits an attacker to exploit an unspecified security issue. French organizations using affected versions should consult the Spring security bulletin for available patches.

Juniper Privilege Escalation Vulnerability in Junos OS

CERT-FR issued a security advisory alerting that Juniper Networks Junos OS and Junos OS Evolved contain a privilege escalation vulnerability (CVE-2026-33793). An attacker with local low-privileged access can exploit unsigned Python op-script configurations to compromise the system. Multiple versions of Junos OS and Junos OS Evolved across branches 22.4 through 25.2 are affected. Patches have been released by Juniper Networks.

Multiple Vulnerabilities in Tenable Security Center Allow Remote Code Execution

CERT-FR published advisory CERTFR-2026-AVI-0415 disclosing four critical vulnerabilities (CVE-2026-2003 through CVE-2026-2006) in Tenable Security Center versions 6.5.1 through 6.8.0. The vulnerabilities allow remote code execution and data confidentiality breaches without requiring authentication. Affected organizations must apply patch SC202604.1 from Tenable security bulletin tns-2026-10.